From owner-freebsd-security Tue Apr 9 6:11:28 2002
Message-ID: <20020409131122.2511.qmail@web11807.mail.yahoo.com>
Date: Tue, 9 Apr 2002 06:11:22 -0700 (PDT)
From: X Philius
Reply-To: xphilius@yahoo.com
Subject: Re: zlib double-free security notification
To: Peter Pentchev
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20020409095832.A3374@straylight.oblivion.bg>

Peter,

Well, honestly, it is the "execute arbitrary code" warnings that I am really worried about. I run a web server for educational purposes more than anything else (ie there are no CC numbers or really anything else private on the whole machine). I want to make damn sure I don't get cracked and have my server used as a launch pad for some other nefarious task, but if someone crashes my ShoutCast server or Apache it's no big loss ;-)

Anyone know of any scripts in the wild that take advantage of this hole?

Jason

>
> "Simple DoS issues" might result in killing a server you do not want
> killed, thus (theoretically) denying access to important services
> and maybe the machine itself. In truth, right now I cannot remember
> if there were any such announced vulnerabilities that could result
> in killing off a whole service, but.. better safe than sorry, I'd
> say..
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> I am not the subject of this sentence.